CVE-2025-1647

描述

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0.

受影響套件(3)

• Debian/twitter-bootstrap3from 0, < 3.4.1+dfsg-2+deb11u2
• Debian/twitter-bootstrap3from 0, < 3.4.1+dfsg-2+deb11u2
• npm/bootstrap

CVSS 分數

參考連結(5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-1647
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-1647
• PATCHhttps://github.com/twbs/bootstrap
• WEBhttps://lists.debian.org/debian-lts-announce/2025/06/msg00001.html
• WEBhttps://www.herodevs.com/vulnerability-directory/cve-2025-1647